[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: [openssl-users] monitoring software depending on openssl not working on cloudflare ssl websites
From: Jeffrey Walton <noloader () gmail ! com>
Date: 2015-09-15 17:00:57
Message-ID: CAH8yC8mpgn0WkGbKWbGmSC2waYZDiW_dfLyTNcLv4jbSz+=qkA () mail ! gmail ! com
[Download RAW message or body]
On Tue, Sep 15, 2015 at 3:55 AM, Horatiu N <horatiu@ddhosted.com> wrote:
> Greetings,
>
> Using the nagios plugins (latest debian package for 8.1) to check
> availability of https websites using cloudflare gives errors
> > CRITICAL - Cannot make SSL connection.
> > 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert \
> > internal error:s23_clnt.c:770:
>
> same goes if i attempt to run
> > openssl s_client -connect <target>:443
>
You need to use TLS (not SSL), and you need to use SNI. Here's the
first in the list using TLS and SNI:
$ openssl s_client -connect www.bluusun.com:443 -tls1 -servername
www.bluusun.com
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL
Multi-Domain/CN=sni100936.cloudflaressl.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
---
...
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic